CVE-2024-21754

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21754
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file.

1.8 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.3 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://fortiguard.fortinet.com/psirt/FG-IR-23-423 Vendor Advisory
https://fortiguard.fortinet.com/psirt/FG-IR-23-423 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
History

21 Nov 2024, 08:54

Type Values Removed Values Added
References () https://fortiguard.fortinet.com/psirt/FG-IR-23-423 - Vendor Advisory () https://fortiguard.fortinet.com/psirt/FG-IR-23-423 - Vendor Advisory
CVSS v2 : unknown
v3 : 4.4 		v2 : unknown
v3 : 1.8

04 Oct 2024, 14:13

Type Values Removed Values Added
CPE cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
References () https://fortiguard.fortinet.com/psirt/FG-IR-23-423 - () https://fortiguard.fortinet.com/psirt/FG-IR-23-423 - Vendor Advisory
CVSS v2 : unknown
v3 : 1.8 		v2 : unknown
v3 : 4.4
First Time Fortinet fortiproxy
Fortinet fortios
Fortinet

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) Un uso de hash de contraseña con vulnerabilidad de esfuerzo computacional insuficiente [CWE-916] que afecta a FortiOS versión 7.4.3 e inferior, 7.2 todas las versiones, 7.0 todas las versiones, 6.4 todas las versiones y FortiProxy versión 7.4.2 e inferior, 7.2 todas las versiones, 7.0 todas versiones, 2.0, todas las versiones pueden permitir que un atacante privilegiado con perfil de superadministrador y acceso CLI pueda descifrar el archivo de copia de seguridad.

11 Jun 2024, 15:16

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-11 15:16

Updated : 2024-11-21 08:54

NVD link : CVE-2024-21754

Mitre link : CVE-2024-21754

CVE.ORG link : CVE-2024-21754

JSON object : View

Products Affected

fortinet

  • fortiproxy
  • fortios
CWE
CWE-916

Use of Password Hash With Insufficient Computational Effort


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024